pk: add an alternative function for checking private/public key pairs
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO is enabled.
Tests were also fixed accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 408fe5d..a772608 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -955,7 +955,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */
void mbedtls_ecp_check_pub_priv(int id_pub, char *Qx_pub, char *Qy_pub,
int id, char *d, char *Qx, char *Qy,
int ret)
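Review bot: The new `depends_on:!MBEDTLS_USE_PSA_CRYPTO` on this case removes the direct coverage of `mbedtls_ecp_check_pub_priv()` in PSA-enabled builds, and nothing at the site says why. The commit message suggests the function is only bypassed by pk rather than removed, so if it is still compiled and callable with MBEDTLS_USE_PSA_CRYPTO set, a regression in its key-pair mismatch detection would go unnoticed in those configurations. Either keep the case enabled in both configurations, or add a short comment above the `BEGIN_CASE` line stating the reason it must be skipped. The test function's body lies outside the hunk.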
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 20f61fc..de531d3 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -489,6 +489,15 @@
mbedtls_pk_init(&prv);
mbedtls_pk_init(&alt);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending
+ on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the
+ two */
+ if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+#endif
+
TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
mbedtls_test_rnd_std_rand, NULL)
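Review bot: The remapping of `ret` shows that `mbedtls_pk_check_pair()` now reports `MBEDTLS_ERR_PK_BAD_INPUT_DATA` where the legacy path reported `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, but this is recorded only in a test comment. Callers that compare against the specific ECP code to detect a mismatched pair would behave differently under MBEDTLS_USE_PSA_CRYPTO, so the change belongs in the function's public documentation, with the advice to treat any non-zero return as failure. Only this one code is translated, so any other ECP error code in the test data would still be expected verbatim; please confirm that is intended. Overwriting the `ret` parameter also hides the value supplied by the data file, and a local such as `int expected_ret = ret;` would read more clearly. The test function starts and ends outside the hunk.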